CVE-2025-47419

Summary

Cleartext Transmission of Sensitive Information vulnerability in Crestron Automate VX allows Sniffing Network Traffic.

The device allows Web UI and API access over non-secure network ports which exposes sensitive information such as user passwords.

This issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49.

Affected Software

VendorProductVersion RangeStatus
CrestronAutomate VX5.6.8161.21536 <= 6.4.0.49affected

Weaknesses

  • CWE-319: CWE-319 Cleartext Transmission of Sensitive Information

Workarounds

Protect the device at the physical or network layer using an external firewall to prevent unauthorized configuration.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References